HP launches bug bounty programme

By Editorial Content on December 2, 2018

HP goes on the offensive with new printer security initiative In a first for the print industry, HP has announced awards of up to $10,000 for people who identify and report vulnerabilities within its printers.

The bug bounty programme for printing devices is being administered in association with Bugcrowd, a leader in crowdsourced offensive security.

Shivaun Albright, HP’s Chief Technologist of Print Security, said: “HP is committed to engineering the most secure printers in the world. As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up.”

According to Bugcrowd’s 2018 State of Bug Bounty report, in the last 12 months print vulnerabilities across the industry have increased by 21%.

Under the Bug Bounty program, researchers who find vulnerabilities must report them to Bugcrowd. It will verify bugs and, based on the severity of the ﬂaw, give rewards of up to $10,000.

Researchers who report a vulnerability previously discovered by HP may be offered a good faith payment.